registry  /  @t2000/cli  /  5.31.0

@t2000/cli@5.31.0

Agent Wallet for AI agents on Sui — gasless USDC + USDsui sends, Cetus swap, MPP paid API access, MCP integration, scriptable from any shell.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 4.80 MB of source, external domains: accounts.google.com, agents.t2000.ai, api-sui.cetus.zone, api.example.com, api.t2000.ai, api.trustedservices.intel.com, crypto.stackexchange.com, developers.t2000.ai, docs.sui.io, eprint.iacr.org, example.com, fullnode.mainnet.sui.io, fullnode.testnet.sui.io, github.com, graphql.mainnet.sui.io, hermes.pyth.network, hyperelliptic.org, mainnet.mvr.mystenlabs.com, mpp.t2000.ai, my-agent.example, nodejs.org, pccs.phala.network, suiscan.xyz, suspicious-site.com, t2000.ai, testnet.mvr.mystenlabs.com, www.w3.org, x402.t2000.ai
Oversized source lightweight scan
dist/dist-L3E4Q45J.js4.13 MB file, sampled 256 KB
FilesystemNetworkEnvironmentVarsCryptoHighEntropyStringsUrlStringsagents.t2000.aiapi.example.comapi.t2000.aidevelopers.t2000.aidocs.sui.ioexample.commpp.t2000.aimy-agent.examplenodejs.orgsuiscan.xyzsuspicious-site.comt2000.aix402.t2000.ai

Source & flagged code

6 flagged · loading source
dist/chunk-R6QER65C.jsView file
1333*/ L1334: fork() { L1335: this.stack.push({ chunks: this.chunks, buf: this.buf });
High
Child Process

Package source references child process execution.

dist/chunk-R6QER65C.jsView on unpkg · L1333
dist/index.jsView file
2054} L2055: const execArgv = process5.execArgv ?? []; L2056: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) {
High
Shell

Package source references shell execution.

dist/index.jsView on unpkg · L2054
1Cross-file remote execution chain: dist/index.js spawns dist/chunk-R6QER65C.js; helper contains network access plus dynamic code execution. L1: #!/usr/bin/env node L2: import { createRequire as __createRequire } from 'module'; import { fileURLToPath as __fileURLToPath } from 'url'; import { dirname as __pathDirname } from 'path'; const require = ... L3: import { ... L30: deriveDynamicFieldID, L31: fromBase64 as fromBase642, L32: suiBcs, ... L99: * Constructs the CommanderError class L100: * @param {number} exitCode suggested exit code which could be used with process.exit L101: * @param {string} code an id string representing the error ... L1214: var EventEmitter2 = __require("events").EventEmitter; L1215: var childProcess = __require("child_process"); L1216: var path2 = __require("path");
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.jsView on unpkg · L1
1#!/usr/bin/env node L2: import { createRequire as __createRequire } from 'module'; import { fileURLToPath as __fileURLToPath } from 'url'; import { dirname as __pathDirname } from 'path'; const require = ... L3: import {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L1
dist/src-FIYSHJR4.jsView file
1import { createRequire as __createRequire } from 'module'; import { fileURLToPath as __fileURLToPath } from 'url'; import { dirname as __pathDirname } from 'path'; const require = ... L2: import { ... L92: var PLATFORM_ISSUER_ID = "platform"; L93: var TRUSTED_ROOT_CA_DER_BASE64 = "[redacted]... L94: var TRUSTED_ROOT_CA_DER = Buffer2.from(TRUSTED_ROOT_CA_DER_BASE64, "base64"); ... L279: reserved4: reader.readBytes(60), L280: reportData: reader.readBytes(64) L281: }); ... L4232: 2: "context", L4233: 3: "private" L4234: }; ... L6614: bugs: {
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

dist/src-FIYSHJR4.jsView on unpkg · L1
dist/dist-L3E4Q45J.jsView file
path = dist/dist-L3E4Q45J.js kind = oversized_source_file sizeBytes = 4330431 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/dist-L3E4Q45J.jsView on unpkg

Findings

5 High4 Medium5 Low
HighChild Processdist/chunk-R6QER65C.js
HighShelldist/index.js
HighCross File Remote Execution Contextdist/index.js
HighBase64 Obscured Urldist/src-FIYSHJR4.js
HighOversized Source Filedist/dist-L3E4Q45J.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings